mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 09:27:44 -04:00
103 lines
3.2 KiB
Nix
103 lines
3.2 KiB
Nix
{ config, ... }: let
|
|
domain = "technicalissues.us";
|
|
http_port = 80;
|
|
https_port = 443;
|
|
in {
|
|
|
|
imports = [
|
|
../../../system/common/linux/lets-encrypt.nix
|
|
];
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
appendHttpConfig = ''
|
|
# Add HSTS header with preloading to HTTPS requests.
|
|
# Adding this header to HTTP requests is discouraged
|
|
map $scheme $hsts_header {
|
|
https "max-age=31536000 always;";
|
|
}
|
|
add_header Strict-Transport-Security $hsts_header;
|
|
'';
|
|
virtualHosts = {
|
|
"hetznix01.${domain}" = {
|
|
default = true;
|
|
listen = [
|
|
{ port = http_port; addr = "0.0.0.0"; }
|
|
{ port = https_port; addr = "0.0.0.0"; ssl = true; }
|
|
];
|
|
enableACME = true;
|
|
acmeRoot = null;
|
|
addSSL = true;
|
|
forceSSL = false;
|
|
locations."/" = {
|
|
return = "200 '<h1>Hello world ;)</h1>'";
|
|
extraConfig = ''
|
|
add_header Content-Type text/html;
|
|
'';
|
|
};
|
|
};
|
|
"ot.${domain}" = {
|
|
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
|
|
enableACME = true;
|
|
acmeRoot = null;
|
|
forceSSL = true;
|
|
basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;
|
|
locations = {
|
|
# OwnTracks Frontend container
|
|
"/" = {
|
|
proxyPass = "http://127.0.0.1:8082";
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
"recorder.${domain}" = {
|
|
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
|
|
enableACME = true;
|
|
acmeRoot = null;
|
|
forceSSL = true;
|
|
basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;
|
|
locations = {
|
|
# OwnTracks Recorder
|
|
"/" = {
|
|
proxyPass = "http://127.0.0.1:8083";
|
|
recommendedProxySettings = true;
|
|
};
|
|
"/pub" = { # Client apps need to point to this path
|
|
extraConfig = "proxy_set_header X-Limit-U $remote_user;";
|
|
proxyPass = "http://127.0.0.1:8083/pub";
|
|
recommendedProxySettings = true;
|
|
};
|
|
"/static/" = {
|
|
proxyPass = "http://127.0.0.1:8083/static/";
|
|
recommendedProxySettings = true;
|
|
};
|
|
"/utils/" = {
|
|
proxyPass = "http://127.0.0.1:8083/utils/";
|
|
recommendedProxySettings = true;
|
|
};
|
|
"/view/" = {
|
|
extraConfig = "proxy_buffering off;";
|
|
proxyPass = "http://127.0.0.1:8083/view/";
|
|
recommendedProxySettings = true;
|
|
};
|
|
"/ws" = {
|
|
extraConfig = "rewrite ^/(.*) /$1 break;";
|
|
proxyPass = "http://127.0.0.1:8083";
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
"utk.${domain}" = {
|
|
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
|
|
enableACME = true;
|
|
acmeRoot = null;
|
|
forceSSL = true;
|
|
locations."/".proxyWebsockets = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:3001";
|
|
};
|
|
}; # end virtualHosts
|
|
}; # end nginx
|
|
}
|